Posted by: David Harley | December 3, 2016

AV-Test Report on Risk Scenarios

Long-established research/product testing organization AV-Test has published an interesting document giving some background to the current malware scene, including consideration of threats on Windows, Mac, Android/mobile, Internet, PUA, and test statistics. Current Risk Scenario: AV-TEST Security Report Facts at a Glance

David Harley

Posted by: David Harley | November 12, 2016

Recent Apple security news

Article by Graham Cluley for ESET on smishing (SMS phishing): Apple ID smishing evolves to lure more victims

Shaun Nichols for The Register: Mac administrators brace for big changes to Apple-powered fleets – New features could shake-up how macOS machines are managed. Has much to do with Apple’s plans to move from HFS(+) to the Apple File System.

Michael Mimoso for Kaspersky: iOS Webview Problem Allows Attackers To Initiate Phone Calls. Related to the story mentioned here: iOS exploit that flooded 911 call centres

David Harley

Posted by: David Harley | October 31, 2016

Fix for iOS 10.1 health data bug

The Register: Apple rushes out iOS 10.1.1 fix after health data flat lines – Now with less-random information wiping

9to5Mac: Apple releases iOS 10.1.1 for iPhone and iPad, fixes bug with missing Health data

TL;DR version: go to Settings/Software Update

David Harley

Posted by: David Harley | October 30, 2016

iOS exploit that flooded 911 call centres

Summary by Shaun Nichols for The Register of the story behind the exploit that caused 911 centres around Phoenix to be flooded with ‘emergency calls’.

Lad cuffed after iOS call exploit knocks out Arizona 911 center

David Harley

Posted by: David Harley | October 30, 2016

Your AppleID is NOT expiring today

Graham Cluley describes a ‘smishing’ campaign (phishing via SMS texts) targeting Apple iOS users, trying to persuade them to access a malicious URL by telling them that ‘Your AppleID is due to expire Today’.

As the clocks go back, UK Apple users targeted by smishing campaign – Think before you click, and you too can avoid phishers.

David Harley

Posted by: David Harley | October 25, 2016

More recent news

So, just one day after suggesting that I’m cutting back on notifications to this site…

Apple News

And on the Android front…

David Harley


Posted by: David Harley | October 24, 2016

Slowdown and Catch-Up

You may have noticed that nothing has been posted here since August 2016. This isn’t, as it happens, because there have been no issues in the world of Apple or Android security (there have!), but simply because I no longer work full-time, and I’m having to prioritize other work. I’ll still try to flag really important or interesting stuff here, but don’t expect too much, too often, or too promptly…

Here are one or two issues that have cropped up in the last month or two that caught my eye:

David Harley
ESET Senior Research Fellow

Posted by: David Harley | August 30, 2016

AV-Test looks at Android parental control apps

Here are the results of a recent test by AV-Test asking (and answering) the question ‘Is security software for Android with parental control functions sufficient to protect our children or is it better to have a special parental control app?’

Test: Parental Control Apps for Android

David Harley
ESET Senior Research Fellow 
(This isn’t an ESET blog, but since ESET did well in the test I guess I should point out that I work with ESET as a consultant, though I have nothing to do with their marketing or product development.)

Posted by: David Harley | August 30, 2016

OSX/Keydnap spread via Transmission app

ESET researchers say:

‘During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.’

OSX/Keydnap spreads via signed Transmission application

Posted by: David Harley | August 28, 2016

Google: easier access to content on mobile

Google: Helping users easily access content on mobile

Takes two approaches, the latter maybe more security-related.

  • One relates to the removal of the mobile-friendly label, since most sites now meet that criterion, so the removal is seen as reducing clutter.
  • The other introduces measures to reduce the impact of intrusive pop-ups and standalone interstitials that obscure the content.

Commentary from the BBC here. (HT to BPB)

David Harley
